7 matches found
CVE-2025-52546
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2025-52546
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52543
E3 Site Supervisor Control firmware version 2.31F01 application services MGW and RCI uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
PT-2025-35556
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 MGW contains an API call lacking input validation. An attacker can use this command to continuously crash the...
PT-2025-35557
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 contains a hidden API call within the application services that enables SSH and Shellinabox. These services exist b...